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Distributed payment system for cash-free payment transfers using a purse chip card 



(57) Tlie Invention presented describes a distrit>- 
uted payment system for cash-free payment with purse 
chip cards using the Net The system consists of a cli^ 
system which is, for exanple, installed at the customer 
site and a server system which is, for example, installed 
at tiie dealer. The client and server systems are con- 
nected over the Net. e.g. the Intemet. The client system 
consists of a chip card reader, tiie software associated 
witti tills, a client transaction program and. preferably, a 
data processing system. The server system consists of 
a security nxxJule, a chip card reader device for tiie 
security module, a server transaction program and a cli- 
ent sun^ogate program which represents the client sys- 
tem and. preferably, a data processing system. The 
most irrportant advantage of tiie distributed system is 
that a payment protocol, independent of any control 
centre, can be used economically for payment on tiie 
Net between tiie purchaser and dealer as welt as tor col- 
lective billing between the dealer and tiie purse settle- 
ment off tea The use of standard components which are 
currentiy used in local payment terminals means that an 
economical design can be reached both in the dealer 
network nodes (sender system) as well as in tiie pur- 
chaser network nodes (client system). 

Payment using an electronic exchange has tiie 
advantage over existing cash-free payment systems in 
that tiiere is no central control involved in tiie payment 
procedure, total settlement calculations are possible, a 
cryptographically secure protocol is used and anony- 
mous payments are possible. 
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Description 

[0001] The invention refers to a payment system for 
cash-free payment transfers in a netwvork by means of 
purse chip cards 

[0002] Modern types of cash-free payment transfers 
are canied out using chip cards. In particular, these are 
electronic purses, credit cards and debit cards. 
[0003] Several differ^ payment transfer applications 
can exist on a chip card, for example electronic purses 
and credit cards. 

[0004] The chip card is initialized before issue to the 
customer, i.e. application data and cryptographic keys 
for securing the transaction are stored on the chip card 
which allow the chip card to be used within the frame- 
work of certain applications. On being issued with the 
card, the customer is informed of the application for 
which the chip card can be used. 
[0005] If a customer wishes to pay for goods at a 
dealer using his/her purse chip card, then this transac- 
tion can be carried out at a payment terminal. The chip 
card is inserted into a chip card reader anranged in the 
payment terminal. Using the chip card reader, data can 
be read from the chip card or data can be written to the 
chip card. With electronic purse applications, the credit 
stored on the chip card is reduced by the amount which 
is to be paid to the shop for the goods. 
[0006] To can7 out the described payment procedure, 
the payment terminal has the following components in 
particular: a chip card reader, a keyboard for entering 
data, a display unit to display instructions to the cus- 
tomer, a security module, a communication connection 
to the network and software to control the correspond- 
ing transactions. 

[0007] For local payment procedures at a dealer, all 
corrponents of the payment terminal are integrated into 
one device. 

[0008] The normal methods of payment today in the 
network are payments with credit cards, debit authorisa- 
tions and\ electronic money. In paying using a credit 
card, the card nunrt>er is given unsecured to tiie dealer; 
in payment by means of a debit authorisation, the 
account number is given unsecured to the dealer, and in 
payment using electronic money, a control centre which 
administers the money is intermediately switched. 
[0009] Therefore tiie task of the invention presented is 
to produce a system and procedure which allows pay- 
ment by means of a purse chip card over a data network 
where tiie same basic components of a focal payment 
terminal as well as the same deduction and administra- 
tion protocols are used between the dealer and the 
deduction office of the purse hdd^ as in the local appli- 
cation. 

[0010] This task is solved by the characteristics of 
claims 1 and 14. Further advantageous developments 
of tills invention are presented in the sub-claims. 
[0011] The fundamental advantage of tiie invention 
presented is tiiat the payment protocol between tiie pur- 



chaser and the dealer, independent of a control centre, 
plus tiie calculation of the cumulative deductions 
between the dealer and the purse clearing office can be 
used cheaply for payment in tiie network. 

5 [001 2] By the use of standard components which are 
used in local payment terminals, a cheap design can be 
achieved both in the dealer's network nodes (server 
system) as well as in tiie purchaser's network nodes 
(client system). 

10 [001 3] Payments using an electronic purse differ from 
tiie usual methods of payment over the network In that 

- no control centre is involved in tiie payment process 

- cumulative deductions are possible 

15 - a cryptographically secure protocol is used and 
anonymous payments are possible. 

[001 4] In a suitable design of tiie invention presented, 
tiie following components are installed at tiie pur- 
20 chaser/end user (client system) : 

1 . A chip card reader fa reading from and writing to 
the electronic purse chip card 

2. Software for operating tiie chip card reader 

2$ 3. Purchaser transaction software (client transac- 
tion program) 

4. A keyboard for entering customer data, a display 
unit for displaying instructions to tiie customer and 

5. A communtoation connection to the network 

30 

[001 5] If the purchaser/end user has a personal com- 
puter connected to the network, then only components 
1 . 2 and 3 are to be additionally installed. The keyboard, 
display unit and network communication exist as stand- 
35 ard components 

[001 6] The following components are installed at the 
dealer/network server (server system): 

1. A security module 
40 2. A chip card reader for reading and writing to the 
security nxxiule . 

3. The sofhware for operating the security module 

4. The conununication connection to the network 

5. A dealer transaction program (server transaction 
45 program) to control the transaction, for administra- 
tion and deduction witii tiie purse clearing office 
and 

6. Purchaser surrogate software (client surrogate 
program) to read and write to the electronic purse 

so card, amongst other things. 

[0017] Conponents 1 to 5 are standard components 
of a local payment ternrtinal i.e. a standard payment ter- 
minal for local operations. These conponents are 
55 equipped with tiie purchaser sunogate program (client 
surrogate program). The purchaser sunrogate program 
is preferably installed at ttie dealer. The purchaser 
transaction software and tiie purchaser surrogate pro- 
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gram are added to the standard components of a local 
payment terminal, In order to maintain a distributed pay- 
ment terminal. 

[0018] The task of the purchaser transaction software 
in the purchaser's network nodes is 

- the transfer of the identification of the chip card to 
the dealer transaction software 

- the transfer of the data packets from the dealer 
transaction program over the chip card reader to 
the purse chip card 

- the transfer of the responses from the chip card to 
the dealer transaction program. 

[001 9] The task of the purchaser surrogate program in 
the dealer's network nodes is 

- the creation of the purse chip card commands 

- the transfer of the packets from the dealer transac- 
tion program to the purchaser transaction program 
and 

- the transfer of responses from the purchaser trans- 
action program to the general control of the dealer 
transaction program. 

[0020] A payment transaction using a purse chip card 
Is created using a cryptographically secure protocol 
between the purse chip card and tiie security module. 
The key for the cryptographic security is located at the 
terminal points of the protocol, the purse chip card and 
the security module. The protocol between the purse 
chip card and the security module takes place in the 
payment terminal in a local payment temiinal. 
[0021 ] The following procedure facilitates this protocol 
between the distributed components of the payment ter- 
minal: 

The purse chip card is identified locally in tiie net- 
work nodes of the purchaser/end user (client sys- 
tem) through tiie purchaser transaction program, 
after it is inserted into the chip card reader 

- The payment procedure is initiated by the network 
nodes of tiie dealer/network sender (sender system) 
by a message to the network nodes of the pur- 
chaser. The purchaser transaction program sends 
the identification data of the purse card to the 
dealer transaction program 

- The dealer transaction program and tiie purchaser 
surrogate program introduce tiie secured protocol 
between the purse chip card and the security mod- 
ule. The chip card command header data for the 
purse chip card is created in tiie purchaser suno- 
gate program 

- The data packets of the cryptographically secure 
protocol between tiie security module and tiie 
purse chip card are exchanged between the pur- 
chaser transaction program and tiie purchaser sur- 
rogate program over ttie network and Interpreted by 



the dealer transaction program 
At the end of the cryptographically secure protocol 
between the security module and tiie purse chip 
card, tiie cumulative data is supplemented by tiie 
5 dealer transaction program in the security module 
and the transaction data for the later deduction is 
stored in tiie dealer's network nodes. 

[0022] A suitable continuation of the invention is pro- 

10 vided for in that tiie purchaser transaction program and 
tiie software to operate the chip card reader in the pur- 
chaser's network nodes is loaded in tiie purchases 
network nodes before tiie start of tiie payment transac- 
tion from the dealer's network nodes. This can prefera- 

15 biy be carried out by implementing the software in JAVA. 
[0023] Another continuation of the invention is pro- 
vided for in the purchaser transaction program being 
designed to take precautions for deductions from tiie 
purse chip card In "time cycle operation". This time 

20 cycle operation, whteh is supported by some of the elec- 
tronic purse chip cards, allows the deduction of a fixed 
amount from tiie purse chip card per fixed time unit. 
Thus it is possible, for example, to deduct tiie costs of 
suppliers who wish to deduct the costs of services per 

25 time unit 

[0024] The invention presented is described in greater 
detail in the f6lk>wing using a drawing where Rg. 1 
shows a schematic representation of a distributed pay- 
ment terminal consisting of a client system and a server 

30 system accordng to the invention presented. 

[0025] Rg. 1 shows a distributed payment terminal 
witti components in ttie network node of the dealer 1 
(sender system) and in tiie network node of ttie pur- 
chaser 2 (client system). 

35 [0026] In the network node of tiie purchaser 2 there is 
a display unit 27 and a keytx>ard 28. Information is 
shown using the display unit 27. This includes in partic- 
ular the request to make certain payment-specific 
entries using the keytx)ard 28. The display unit 27 and 

40 ttie keytx3ard are controlled using standard terminal 
software 26, for example a PC operating system. 
[0027] The distributed payment terminal can be used 
to give a dealer's customers the opportunity to pay with- 
out using cash within the framework of an electronic 

45 exchange, for the dealer's goods or services. For ttiis 
reason ttie network node of ttie dealer 1 and ttie net- 
work node of ttie purchaser 2 are connected on-line 
using a central network over the host communk^ation 
modules 19 and 29. 

50 [0028] If a cash-free payment procedure is carried out 
using the distributed payment terminal, then in tiie net- 
work node of the purchaser 2, for example, the amount 
to be paki by tiie customer will be displayed on ttie dis- 
play unit 27. By means of ttie keyboard 28 in the net- 

55 work node of tiie purchaser 2. the payment type can be 
selected and the amount to be paid can be confirmed. 
[0029] To control the distributed payment terminal 
witiiin tiie framework of use by the customer, in ttie net- 
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work ncxle of the dealer 1 the distributed payment termi- 
nal has a dealer transaction program 14 (server 
transaction program) and a purchaser surrogate pro- 
gram 1 6 (client sun-ogate program) which basically con- 
sists of a software module. The dealer transaction 5 
program 14 and the purchaser sunrogate software 16 
are stored in the memory of a processing unit in the net- 
work node of the dealer 1 and are used by a processor 
in the processing unit to carry out applications. The 
dealer transaction program 14 exchanges information w 
with the different components of the distributed payment 
terminal, particularly with the security module 11 and 
the purchaser surrogate program 16 (client surrogate 
program). 

[0030] The security nxxJule 1 1 is controlled by a card is 
reader 12 and card reader software 13. The purchaser 
surrogate program 16 is used as a representative of the 
network node of the purchaser 2. It creates and inter- 
prets the command level of the purse chip card 21 and 
communicates with the network node of the purchaser 2 20 
over the communication module 19. 
[0031 ] In addition, in the network node of the dealer 1 
there is a display unit 1 7 and a keyboard 18 for commu- 
nicating with the dealer. These are used, for example, 
within the framework of the administration of the net- zs 
work node of the dealer 1 and for initializing the deduc- 
tion with the purse clearing office. 
[0032] If a customer wants to pay using his/her elec- 
tronic purse which Is on the chip card 21 , then the cus- 
tomer inserts the chip card 21 into the card reader 22 so 
and confirms the amount to be paid using the keyboard 
28. The purchaser transaction program 24 carries out 
the procedural stages necessary for reading the identi- 
fication data on the chip card using the card reader soft- 
ware 23. The card reader software 23 sets the card 35 
reader 22 into a state where tiie insertion of a chip card 
is expected. After the chip card 21 Is inserted into the 
card reader 22 and con-ect contact is created between 
the chip card 21 and the card reader 22, the card reader 
22 sencte con-esponding information to the purchaser 40 
transaction program 24 using tiie card reader program 
22, 

[0033] Then a payment transaction is to be carried out 
where tiie amount to be paid is deducted from the elec- 
tronic purse on tiie chip card 21 and tiie deducted 45 
amount is stored in the network node of tiie dealer 1 
along witii oUier transaction data such as chip card 
identification, currency and purse owner, so that tiie 
dealer later receives tiiis amount transferred from the 
clearing offk^e of the purse owner. so 
[0034] In candying out the procedural stages for 
deducting tiie anrK)unt to be paid from the chip card 21, 
the security module 1 1 is used for exchanging data rel- 
evant to security and to prevent misuse of the purse. 
[0035] Stored in tiie security module 1 1 are functions ss 
and procedures to be canied out, and witii whose help 
the deduction of the payment amount from ttie elec- 
tronic purse of tiie chip card 21 can be completed, as 



well as cryptographic keys. 

[0036] In addition, cumulative data on transactions 
started with tiie purse owner since tiie last deduction 
are heki in the security module. Deductions are initiated 
by the dealer tiansaction program 14 and cover infor- 
mation exchange between the chip card 21 and tiie 
security module 1 1 . This information exchange has tiie 
following step sequence: 

- The chip card 21 is identified locally in the networi^ 
node of tiie purchaser 2 by the purchaser transac- 
tion program 24 using tiie card reader software 23 
after it Is inserted into tiie card reader 22. 

- The payment procedure is initiated by tiie network 
node of the dealer 1 by a message via the network 
communication modules 19 and 29 to tiie network 
nodes of the purchaser 2. This message contains, 
amongst otiier things, tiie amount. 

The amount and otiier relevant Information are dis- 
played on the display unit 27 in the network node of 
tiie purchaser 2 and confirmed and optionally sup- 
plemented by tiie purchaser through entries on the 
keyboard 28. The payment procedure in tiie net- 
work node of tiie purchaser 2 is thus initiated. 

- The purchaser transaction program 24 sends tiie 
klentification data of the chip card 21 to the pur- 
chaser surrogate program 16 In the network node 
of the dealer 1 over tiie network communication 
modules 29 and 9. 

- The purchaser surrogate program 1 6 interprets tiie 
Klentification data and transfers it and tiie dealer 
transaction program 14. 

- The dealer transaction program 14 initiates the 
secure protocol between tiie chip card 21 and the 
security module 11. The security module creates a 
cryptographically secure message to tiie purse chip 
card which is transferred over the card reader soft- 
ware to the dealer transaction p-ogram. The dealer 
transaction program transfers the message to tiie 
purchaser surrogate |»rogram. 

[0037] The chip card command header data for tiie 
purse chip card is created by tiie purchaser surrogate 
program. The message is sent via tiie communication 
software to the purchaser transaction program. The pur- 
chaser transaction program transfers the complete 
message to the purse chip card over the card reader 
software. The cryptographically secure response of the 
purse chip card is transferred to the purchaser transac- 
tion program over tiie card reader program and it goes 
over the communication software to tiie purchaser sur- 
rogate program. The purchaser surrogate program 
interprets the protocol data of the response which refers 
to tiie chip card command and transfers the response to 
tiie dealer transaction program. The dealer transaction 
program interprets tiie response with regard to the pro- 
tocol between the security module and the purse chip 
card. If the protocol is not complete, then tiie response 
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is transferred to the security module and the previous 
steps are repeated. If the protocol is conplete. then this 
means that the amount Is deducted from the purse chip 
card and the cumulative data in the security nuxiule is 
supplemented, the dealer transaction program stores 5 
the transaction data for the later deduction in the net- 
work node of the dealer and ends the payment proce- 
dure. 

[0038] At the end of the day or at a time determined 
by the dealer or the clearing office, the transaction data 10 
in the network node of the dealer is sent to the clearing 
office of the purse owner for deduction. 

Claims 

15 

1. Distriixited payment system {1; 2) for cash-free 
payment transfers by means of a purse chip card 
containing 

a) a client system (2) 20 
containing 

aa) a chip card reader device (12) for read- 
ing and writing to the electronic purse chip 
card 25 

bb) a client transaction program (24) to 
control the comnuinication of the client 
system components with the server sys- 
tem components 30 

cc) an Input device (27; 28) 

dd) a communication device for connection 
to a data network (29) $5 

b) a server system (1) 
containing 

aa) a security nxxlule (1 1) 4o 

bb) a chip card reader device for reading 
and writing to the security module (12) 

cc) an input device (1 7; 1 8) as 



2. System according to claim 1 , characterised by the 
client system (2) being installed at the customer site 
and the server system (1) bdng installed at the 
dealer 

3. System according to claims 1 or 2, characterised by 
the comrojnication device of the di^ system (29) 
and the server system (19) being connected with 
one another over the Internet. 

4. System according to claims 1 to 3, characterised by 
the client transaction program (24) executing the 
identification of tiie purse chip card to the server 
transaction program (14), the transfer of the request 
from tiie server transaction program via the chip 
card reader to tiie purse chip card and tiie transfer 
of the responses from the chip card to the server 
transaction program. 

5. System according to claims 1 to 4, characterised by 
the client sun-ogate program (16) executing tiie ae- 
ation of tiie purse chip card commands, the transfer 
of the request from tiie server transaction program 
(14) to the client transaction program and the trans- 
fer of tiie responses from the client transaction pro- 
gram to ttie general control of tiie server transaction 
program. 

6. System according to claims 1 to 4, characterized by 
the input device of the client system and tiie server 
system consisting of a display device and a key- 
board. 

7. System according to claims 1 to 5, characterised by 
the communication device (19; 29), keyboard (18; 
28) and display device (17; 27) being part of a data 
processing device or network computer. 

8. A system according to claims 1 to 6, characterized 
by tiie server transaction program (14) and the cli- 
ent sun^ogate program (16) being installed in a data 
processing device or networic computer of tiie 
server system. 



dd) a server transaction program (14) to 9. 
control the communication of tiie server 
system components 

$0 

ee) a client sun-ogate program (16) to rep- 
resent tiie client system 



System according to claims 1 to 8, characterized by 
the client transaction program and tiie program for 
controlling tiie chip card reader being stored in tiie 
server system or a server and not being loaded into 
tiie client system until the initiation of a payment 
process. 



fO a communication device for connection ia 
to a network (19) 55 
in which the communication device of the 
client system and tiie server system are 
connected with one anotiier using a data 



System according to claims 1 to 9, characterized by 
tiie client transaction program and tiie program for 
controlling the chip card reader being written in tiie 
JAVA programming language. 
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11. System according to claims 1 to 10i characterized 
by the client transaction program having planned 
precautions for debiting from the purse chip card in 
time-cycle nruxie. 

12. System according to claims 1 to 11, characterized 
by the chip card reader device containing a pro- 
gram for controlling the chip card reader in reading 
and writing to the purse chip card. 

13. A system according to daims 1 to 12, characterized 
by the chip card reader device containing a pro- 
gram for controlling the security nxxJule for reading 
and writing to the security module. 

14. A procedure for cash-free payment using a purse 
chip card with a system according to claims 1,2,3, 
6 to 13, containing the following steps: 

a) Insertion of the purse chip card (21) in the 
chip card reader (22) 

b) Identification of the purse chip card using the 
client transaction program (24) 

c) Initiation of a payment procedure using the 
server system (1) or client system (2) by dis* 
playing the amount on the display device of the 
client system 

d) Confirmation of the amount by the client sys- 
tem (2) 

e) Transfer of the rdentrfication data of the 
purse chip card to the client surrogate program 
(16) 



k) Interpretation of the response according to 
step D with regard to the protocol between the 
security nrxxJule and the purse chip card by the 
server transaction program 

5 

I) if the protocol is not complete, repeat from 

step h) to k) 

or 

10 m) if the protocol Is complete, save the pay- 

ment transaction data using the server transac- 
tion program. 

15. Procedure according to daim 14. characterized by 
IS the response according to step 0 being transferred 

via the card reader program and client transaction 
program to the client sun^ogate program. 

16. Procedure according to claim 15. characterised by 
20 the response according to step 0 being interpreted 

by the dient surrogate program into protocol data 
which refers to the chip card commands. 

17. Procedure according to claims 1 1 to 16, character- 
25 tzed by the payment transaction data according to 

step m) being stored in the server system. 



30 
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f) interpretation of the identification data by the 
client surrogate program and transfer to the 
server transaction program (14) 4o 

g) Initiation of the secure protocol between the 
purse chip card (21) and the security module 
(1 1) using the server transaction program 

45 

h) Creation of a cryptographically secure mes- 
sage by the security module (1 1) and transfer 
of this message to the dient surrogate program 
(16) 

so 

0 Creation of chip card commarxJs for the 
purse chip card (21 ) by the client sunrogate pro- 
gram (16) and transfer of the chip card com- 
mand (23) to the purse chip card (1 1) 

55 

j) Creation of a response by the purse chip card 
and the transfer of this response to the server 
transaction program 
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